Today, most of the sensitive and confidential information that a business has – executive communications, orders, reports and strategies – resides on computers and is often shared and accessed via email. An escalating amount of that email is also handled on BYOD devices, which travel with employees wherever they go. While information security teams understand the magnitude of the mobile threat, they are often not exactly sure how to secure information and data that is constantly on the move.
In the last few years, three different security scenarios have emerged – BYOD device flexibility, working outside the office, and the increasing threat of cyber security breaches. Together, they have formed a security threat most IT security teams simply are not able to comprehensively address.
Given the fluid nature of BYOD and related security issues, the next logical step is to approach the data’s security independent of the device or location. The best minds in security are now paying attention to the vulnerability (or lack thereof) of the data itself, and less to the device on which it resides. If the data is secure wherever it goes, then where it resides becomes unimportant.
This slideshow features important IT security points to consider for 2015 and beyond from Watchful Software.
Data Security Trends 2015
The following tips and trends, identified by Watchful Software, should be taken into consideration when planning your organization’s security strategy.
All organizations own sensitive data, regardless of size or industry.
Employees create sensitive data all the time, so it’s important for organizations to have cost-effective and flexible security solutions in place that can secure proprietary information. Consider an Excel spreadsheet containing salary and performance data, a sensitive PowerPoint presentation with the marketing and go-to-market strategy for a new product offering, or a CAD drawing with the innovative new component for a known smartphone brand. If any of these got into the wild, the effects could be devastating for the company as well as the employees.
Data in Motion
Data is increasing and rarely in a state of permanent rest. Like it or not, data moves around.
Sensitive information, in the form of emails, documents, reports and spreadsheets, is found on literally every cloud-based drive, storage device, laptop, handheld and USB device today. This is a real goldmine for an information thief – tapping into the organization’s thought process and getting distilled, refined, qualified information that employees have already crafted into useable tools. This is precisely why it is important that security teams rethink security, not in terms of protecting the environment where information exists, but instead securing the information itself, so it is safe from malicious intent wherever it exists.
Beyond Security Perimeters
Data exists to be consumed and BYOD is far beyond perimeter network defenses.
The genie is out of the bottle and BYOD is a fact of everyday working life for many. We live in a world where information must exist outside of the traditional network security perimeters in order for work to be accomplished. With the advent of a) globally distributed business units, b) BYOD, and c) the cloud, there is no such thing as a secure perimeter anymore. The question is not if your network will be breached; it’s simply a question of when and by whom. The industry needs to move from network-centric security to data-centric security.
Insiders’ mistakes are leading to costly security breaches.
We’re human and we make mistakes. Consequently, information leaks will all too often continue to be caused by trusted insiders, i.e., users who leak information whether knowingly or unknowingly. By ignoring that the company’s own users are already inside the perimeter and that they pose a significant threat, CI(S)Os fail to address possibly the most fundamental persistent threat, that of a breach orchestrated by one or more of their organization’s own users. If, for some reason, a vulnerability is opened in the data center, the door is literally left open for a breach to take place. Organizations that implement information protection and control mechanisms and a culture of security committed to safeguarding data will be better positioned for success.
Corporate liability decreases with data classification.
Classifying data according to its sensitivity and setting rules about who can view and utilize it makes sense and provides a layer of protection against corporate liability. It’s also important to ensure employees understand the sensitivity of the data they are accessing and treat it accordingly.
Data protection should exist in two measurable tiers: access and usage.
Quite simply, the best way to protect sensitive information is to have it encrypted. While there are different types of encryption that encrypt data based on its location (on the drive, in transit on the network, etc.), experts today agree that it’s best to simply encrypt the information itself. That way it’s protected no matter where it ends up. If it’s on a laptop drive, it’s encrypted. If it’s in transit across the network, it’s encrypted. If it’s in a file-sharing site such as Dropbox, it’s encrypted. If it’s on a USB key hanging around someone’s neck, it’s encrypted. Ultimately, the information is persistently secure, regardless of whether it is inside or outside of your network boundaries.